vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add support for disabling an entire namespace, including its team members

Browse source
This commit is contained in:
Joseph Schorr 2017-07-13 12:24:20 +03:00
parent 7910dc4b2a
commit e00437c227
1 changed files with 29 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
util/disableabuser.py
View file

@ -1,16 +1,14 @@
import argparse
from datetime import datetime
from app import tf from app import tf
from data import model from data import model
from data.model import db_transaction from data.model import db_transaction
from data.database import QueueItem, Repository, RepositoryBuild, RepositoryBuildTrigger from data.database import QueueItem, Repository, RepositoryBuild, RepositoryBuildTrigger
from data.queue import WorkQueue from data.queue import WorkQueue
from datetime import datetime
import argparse
def disable_abusing_user(username, queue_name):
if not username:
raise Exception('Must enter a username')
def ask_disable_namespace(username, queue_name):
user = model.user.get_namespace_user(username) user = model.user.get_namespace_user(username)
if user is None: if user is None:
raise Exception('Unknown user or organization %s' % username) raise Exception('Unknown user or organization %s' % username)
@ -33,7 +31,10 @@ def disable_abusing_user(username, queue_name):
.where(Repository.namespace_user == user) .where(Repository.namespace_user == user)
.count()) .count())
print "Using queue namespace %s" % queue_name print "============================================="
print "For namespace %s" % username
print "============================================="
print "User %s has email address %s" % (username, user.email) print "User %s has email address %s" % (username, user.email)
print "User %s has %s queued builds in their namespace" % (username, existing_queue_item_count) print "User %s has %s queued builds in their namespace" % (username, existing_queue_item_count)
print "User %s has %s build triggers in their namespace" % (username, repository_trigger_count) print "User %s has %s build triggers in their namespace" % (username, repository_trigger_count)
@ -44,8 +45,10 @@ def disable_abusing_user(username, queue_name):
print "Action canceled" print "Action canceled"
return return
# Disable the user. print "============================================="
triggers = [] triggers = []
count_removed = 0
with db_transaction(): with db_transaction():
user.enabled = False user.enabled = False
user.save() user.save()
@ -75,8 +78,23 @@ def disable_abusing_user(username, queue_name):
dockerfile_build_queue = WorkQueue(queue_name, tf, has_namespace=True) dockerfile_build_queue = WorkQueue(queue_name, tf, has_namespace=True)
count_removed = dockerfile_build_queue.delete_namespaced_items(user.username) count_removed = dockerfile_build_queue.delete_namespaced_items(user.username)
info = (username, len(triggers), count_removed) info = (user.username, len(triggers), count_removed)
print "Namespace %s disabled, %s triggers deleted, %s queued builds removed" % info print "Namespace %s disabled, %s triggers deleted, %s queued builds removed" % info
return user
def disable_abusing_user(username, queue_name):
if not username:
raise Exception('Must enter a username')
# Disable the namespace itself.
user = ask_disable_namespace(username, queue_name)
# If an organization, ask if all team members should be disabled as well.
if user.organization:
members = model.organization.get_organization_member_set(user)
for membername in members:
ask_disable_namespace(membername, queue_name)
parser = argparse.ArgumentParser(description='Disables a user abusing the build system') parser = argparse.ArgumentParser(description='Disables a user abusing the build system')